"The TCB shall be able to create, maintain, and protect from modification or unauthorized access. The audit data shall be protected by the TCB so that read access to it is limited to those who are authorized for audit data. The TCB shall be able to record the following types of events: use of identification and authentication mechanisms, introduction of objects into a user's address space (e.g., file open, program initiation), deletion of objects, actions taken by computer operators and system administrators and/or system security officers, and other security relevant events. For each recorded event, the audit record shall identify: date and time of the event, user, type of event, and success or failure of that event. For identification/authentication events the origin of request (e.g., terminal ID) shall be included in the audit record. For events that introduce an object into a user's address space and for object deletion events the audit record shall include the name of the object. The ADP system administrator shall be able to selectively audit the actions of any one or more users based on individual identity."

> Even Windows 2000 now offers some Protection Profiles from the Common
> Criteria EAL4+FLR for Controlled Access Protection Profile (CAPP).

EAL4 means "we're pretty sure the system does X"

It does not say that X is anything remotely related to security. The "AL" in EAL is for "Assurance Level", how certain you are that the system behaves according to specification. It's not about the security features of your specification.

Ever wondered why Solaris 8 and Trusted Solaris 8 both have EAL4?

You say C2 auditing is anachronistic - but NOT EVEN having THAT is most certainly not a mark of distinction.

And in fact, your average syslog setup is NOT guaranteed to store the log events as required by C2. Some information is missing, and you do not have guarantees that events that *are* generated by the system actually reach the log.

This is very very far from being impressive. C2 is not the end all and be all, but its auditing requirements are pretty good (for systems that only have discretionary access controls) and efforts to bring this kind of auditing to Linux should certainly not be frowned upon.

That's my 0.02 Euro at least

-- 
................................................................
: jakob@unthought.net   : And I see the elder races,          :
:.......................: putrid forms of man                  :
:   Jakob Østergaard    : See him rise and claim the earth,   :
:        OZ9ABN         : his downfall is at hand.            :
:.......................:............{Konkhra}................: